Stuff from Exams I don't knw #4

Question 1

Serverless Architecture

Answer 1

serverless architecture refers to a cloud computing model where the cloud provider manages the infrastructure, automatically scaling resources as needed. In this model, users don’t need to manage or provision servers; instead, they focus on writing code and deploying functions.

Question 2

Risk Management Components

Answer 2

Risk assessment, risk response.

Question 3

VXLAN

Answer 3

Virtual Extensible LAN - encapsulation protocol enabling switch created network segments to be stretched across subnets and geographical space.

Question 4

Which component of IPSec allows multiple concurrent vpns?

Answer 4

ISAKMP

Question 5

Familiarity

Answer 5

AKA ‘liking’ used as a social engineering principle. Attempts to exploit native trust in something familiar.

Question 6

Temporal Protections - encryption

Answer 6

Process that marks encrypted traffic as valid for only a limited amount of time.

Used to prevent replay attacks.

Question 7

Is Security Governance related to Acquisitions, divestitures, and governance committees?

Answer 7

Yes

Question 8

RFC 6749

Answer 8

OAuth

Question 9

Scoping

Answer 9

Removing controls from a suggested baseline of controls.

Question 10

Service Ticket

Answer 10

In Kerberos authentication, a service ticket is a time-limited credential provided by the Ticket Granting Server (TGS) after a user presents a valid Ticket Granting Ticket (TGT). This service ticket allows the user to access a specific network service, serving as proof of the user’s authenticated identity for the requested service.

Question 11

What is a Ticket Granting Ticket?

Answer 11

Kerberos ticket that allows authenticated users to request access to network services.

Question 12

What is a Ticket Granting Server?

Answer 12

A Kerberos Ticket Granting Server (TGS) is a component in the Kerberos authentication system that issues service tickets to users after they have successfully obtained a Ticket Granting Ticket (TGT) from the Authentication Server (AS). The TGS plays a key role in facilitating secure access to various services within a network by providing users with tickets that authenticate their identity to those servic

Question 13

Randomized masking

Answer 13

An anonymization technique. When done correctly cannot be reversed.

Question 14

What best describes a Service Account?

Answer 14

Used to run applications.

Question 15

Wired Extension

Answer 15

A single added WAP used to extend a wired network.

Question 16

Enterprise Extension

Answer 16

Topology where wireless network is designed to support large envioronment with one SSID, numerous APs. Ofeten used to extend a wired network.

Question 17

What port is used for SQL

Answer 17

1433

Question 18

IR Mitigate phase

Answer 18

Contain Damage

Question 19

IR Recovery phase

Answer 19

Restore system back to original state

Question 20

IR Remediation phase

Answer 20

Root Cause Analysis, patch.

Question 21

IR Response phase

Answer 21

Gather the IR team

Question 22

Software test coverage that verifies every if statement in code has been executed under all ‘if’ and ‘else’ conditions?

Answer 22

Branch coverage

Question 23

Split-response attack

Question 24

Cache Poisoning

Question 25

DCE and IDL??

Answer 25

DCOM, RPC, CORBA….

Question 26

WiFi uses _______ for collision detection

Answer 26

CSMA/CA

Question 27

TM symbol vs R symbol

Answer 27

TM is used to indicate a trademark that isn’t yet registered with USPTO

R is a Registered Trademark

Question 28

What is a Web Development Framework?

Answer 28

A Code package used to provide many of the functions a webpage will need, such as Angular Js, Flask, Django, Symfony, Express.

Question 29

OIDC/OpenD Connect

Answer 29

Uses the RFC6749 OAuth framework, but is maintained by the openid foundation.

Question 30

Is HVAC considered a security control?

Answer 30

Yes, because it cPontrols temperature in server rooms.

Question 31

What is the primary goal of Asset Inventory Managemetn

Answer 31

Prevent Losses.

Question 32

ECDSA Elliptic Curve Digital Signature Alg.

Answer 32

Elliptic Curve Cryptography when used to produce digital signatures.

Question 33

Distributed Data Model

Answer 33

Data is stored in more than one DB, but is still logically connected. User perceives the DB as a single entity, even though it comprises numerous parts over a network.

Question 34

Branch Coverage

Answer 34

Evaluates that every ‘if’ statement has been executed.

Question 35

What does Baselining provide?

Answer 35

a minimum level of security. Meant to be a starting point, does not ensure maximum security.

Question 36

Should you clear and purge on tapes?

Answer 36

You can, but this will reduce the lifetime of the tapes. Not the best option.

Question 37

TCP Wrapper

Answer 37

An application that can serve as a basic firewall by restricting access based on user IDs or system IDs. (I think) typically only used in Linux and Unix environments

Question 38

Kerberos Port

Answer 38

88

Question 39

TKIP

Answer 39

Introduced with WPA as a replacement for weaker WEP encryptions. Now considered deprecated.

Question 40

SAE

Answer 40

Introduced in WPA3, simultaneous authentication of equals. Removes the need for a key exchange.

Question 41

OpenID Connect and JSON tokens, what is the relationship?

Answer 41

JSON Tokens used to pass information back and forth between entities.

Question 42

Fileless Malware

Answer 42

Malware that leaves no trace.

Question 43

SCAP - CCE? Is CCE a thing?

Answer 43

Yes - stands for Common Configuration Enumeration. A Naming system for system configuration issues.

Question 44

VMS Vendor Management System

Answer 44

Vendor Management System: Assists with mgmt and procurement of staffing services, hardware, software, and other needed products/services.

Question 45

OFDM, DSS, FHSS??

Question 46

DNSSEC and PKI?

Answer 46

DNSSEC uses certs to perform mutual authentication of peer DNS servers.

Question 47

Embedded System?

Answer 47

Is a computer implemented as part of a larger system. Typically designed around a limited set of specific functions in relation to the larger product it is a component of.

Question 48

ISA

Answer 48

ISA: Interconnection Security Agreement

formal declaration of the security stance, risk, and technical requirements to link two organizations’ IT infrastructures.

Question 49

Audit vs Assessment

Question 50

Can a WAF be used in lieu of yearly web vuln. assessments in PCI??

Answer 50

Yes

Question 51

Does Configuration management account for changes in already-running systems?

Answer 51

NO - it’s only used to ensure systems are similarly deployed.

Question 52

Final step of Fagan Inspection?

Answer 52

Follow-up

Question 53

Can a Configuration Management System assist in Hardware Asset Mgmt?

Answer 53

Yes

Question 54

BPA

Answer 54

Business Partners Agreement: Contract between two entities dictating the terms of the business relationship.

Question 55

SLR

Answer 55

Service Level Agreement:

Statement of expectations of service and performance from the product or service of a vendor.

Question 56

What is DRM geared towards protecting?

Answer 56

Copyrighted materials

Question 57

Tokenization vs Psedonymization

Answer 57

Token - third party holds mappings

Pseudonymization - internal DB hold mappings

Question 58

BiometricsL: one-to-many

Answer 58

Identification

Question 59

Biometrics: one-to-one

Answer 59

authentication

Question 60

Tunnel Mode VPN connects ____ to ____?

Answer 60

Networks to Networks, or Hosts to Networks

Question 61

Transport Mode VPN connects ____ to ____?

Answer 61

Hosts to hosts.

Question 62

DB - Concurrency?

Answer 62

Concurrency locks the data elements while a change is processing, so that a second operation cannot be run against the data at the same time.

Question 63

Risk Assignment

Answer 63

Synonymous with Risk Transference (i.e cyberinsurance)

Question 64

Is a VPN an example of network segmentation?

Answer 64

NO

Question 65

Cloud Security Policy - CSP

Answer 65

Rules how the provider provides service.

Question 66

Software - statement coverage

Answer 66

Test to verify that every line of code is executed.

Question 67

FHSS

Answer 67

Frequency Hopping Spread Spectrum (FHSS) is a transmission technology in which the data signal is modulated by a narrowband carrier signal which changes frequency (“hops”) over a wide band of frequencies.